AMENDMENTS TO THE CLAIMS

1. (currently amended) A method comprising:

determining which system resources of a computer system, if any, are to
remain under control of a resident operating system of the computer system and
which of the system resources are to be placed under control of one or more
customized execution environments (CE²s) that are to be established within the
computer system; and

partitioning the system resources among the resident operating system and
the one or more CE²s by associating one or more partitions of the system
resources with the one or more CE²s.

providing a computer-readable medium encoded with instructions that 
implement one or more customized execution environments, each customized execution 
environment providing an execution environment for a single application and exclusively 
managing a subset of hardware resources of a computer system, with no operating system 
abstractions or interfaces interposed between the customized execution environment and 
the subset of hardware resources; 

determining which hardware resources of the computer system are to 
remain under control of a resident operating system executing within the computer 
system and which of the hardware resources of the computer system constitute each 
subset of hardware resources of the computer system managed exclusively by one of the 
one or more customized execution environments; and 

partitioning the hardware resources among the resident operating system 
and the one or more customized execution environments by associating one or more 
partitions of the hardware resources with the one or more customized execution 
environments. 

2. (currently amended) The method of claim 1, wherein said partitioning the system
hardware resources comprises the resident operating system configuring the one or more
partitions using hardware-based isolation techniques features provided by one or more
processors of the computer system.

3. (original) The method of claim 2, further comprising the resident operating 
system entering a dormant state. 

4. (currently amended) The method of claim 1, wherein said partitioning the system
hardware resources comprises the operating system configuring the one or more 
partitions using a secure-platform interface. 

5. (currently amended) The method of claim 4, further comprising the resident 
operating system retaining full control of one or more of the partitions and remaining 
active after said partitioning the system hardware resources. 

6. (currently amended) The method of claim 1, wherein said partitioning the system
hardware resources comprises a system administrator configuring the one or more 
partitions using hardware partitioning capability by the computer system. 

7. (currently amended) The method of claim 6, further comprising separately 
booting the resident operating system and the one or more customized execution 
environments CE²s within their respective configured partitions.

8. (currently amended) The method of claim 1, further comprising a customized 
execution environment CE² of the one or more customized execution environments CE²s
making use of capabilities of the computer system not supported by the resident operating 
system. 

9. (currently amended) The method of claim 1, wherein a customized execution
environment CE² of the one or more customized execution environments CE²s comprises
both statically linked system code and data modules and application code and data
modules.

10. (currently amended) The method of claim 1, wherein functional capabilities of a 
customized execution environment CE² of the one or more customized execution
environments CE²s is strictly limited to only those services required by a small set of
predetermined applications. 

11. (currently amended) The method of claim 1, wherein an application within a
customized execution environment CE² of the one or more customized execution
environments CE²s is limited to a single thread of execution in a processor controlled by
the CE².

12. (currently amended) The method of claim 1, wherein a customized execution 
environment CE² of the one or more customized execution environments CE²s utilizes
hardware capabilities not supported by the resident operating system. 

13. (currently amended) The method of claim 1, wherein services provided to an 
application within a customized execution environment CE² of the one or more
customized execution environments CE²s enable the application to recover and continue
from a system error. 

14. (original) The method of claim 1, wherein a customized execution environment 
CE² of the one or more customized execution environments CE²s is non-portable.

15. (currently amended) The method of claim 1, wherein services provided to an
application within a customized execution environment CE² of the one or more
customized execution environments CE²s utilize no general-purpose operating system
abstractions.

16. (currently amended) The method of claim 1, wherein services within a customized
execution environment CE² employ entirely different resource management strategies
than those used by a general-purpose operating system.

17. (currently amended) A method comprising 

providing a computer-readable medium encoded with instructions that implement 
a customized execution environment, the customized execution environment providing an 
execution environment for a single application, and exclusively managing a subset of 
hardware resources of a computer system, with no operating system abstractions or 
interfaces interposed between the customized execution environment and the subset of 
hardware resources; 

an operating system of a computer system receiving information regarding a
customized execution environment (CE²);

the operating system partitioning, by an operating system executing within the
computer system, the system hardware resources of the computer system, including one
or more processors and one or more ranges of physical memory, by (i)

determining which of the system hardware resources, if any, are to remain
under control of the operating system and which of the system hardware resources are to
be placed within the subset of hardware resources exclusively managed by the
customized execution environment CE², and (ii)

associating a first partition of the system hardware resources with the
customized execution environment CE²; and

the operating system surrendering full control of the first partition of the
system hardware resources to the customized execution environment CE².

18. (currently amended) The method of claim 17, wherein the information regarding a
customized execution environment CE² includes a directive to partition hardware
resources and an associated partition descriptor, the partition descriptor identifying
hardware resources needed by the customized execution environment CE² and indicating
how partitions are to be configured.

19. (currently amended) The method of claim 17, wherein said associating a first
partition of the system hardware resources with the customized execution environment
CE² comprises disassociating those of the system hardware resources in the fist first
partition from the operating system and reconfiguring interrupts.

20. (currently amended) The method of claim 17, further comprising: 

the operating system retaining full control of a second partition of the 
system hardware resources; and

isolating the second partition of the system hardware resources to protect
the system hardware resources associated with the operating system from the customized
execution environment CE² by employing hardware isolation.

21. (currently amended) The method of claim 20, further comprising isolating the first
partition of the system hardware resources to protect the system hardware resources
associated with the customized execution environment CE² from the operating system by
employing hardware isolation.

22. (currently amended) The method of claim 20, wherein the hardware isolation 
comprises establishing one or more disjoint sets of protection keys for one or more 
operations on one or more ranges of virtually addressed memory in the first or second 
partitions of the system hardware resources.

23. (currently amended) The method of claim 20, wherein the hardware isolation 
comprises establishing one or more disjoint sets of region identifiers for one or more 
operations on one or more ranges of virtually addressed memory in the first or second 
partitions of the system hardware resources.

24. (currently amended) The method of claim 20, wherein the hardware isolation
comprises associating one or more ranges of memory in the second partition of the
system hardware resources with a processor in the second partition, and associating one
or more ranges of memory in the first partition of the system hardware resources with a
processor in the first partition.

25. (currently amended) The method of claim 24, wherein said associating one or 
more ranges of memory in the second partition of the system hardware resources with a
processor in the second partition, and said associating one or more ranges of memory in
the first partition of the system hardware resources with a processor in the first partition,
comprises employing a region-identifier-based memory partitioning mechanism. 

26. (currently amended) The method of claim 17, further comprising: 

receiving an indication that the customized execution environments CE² is
terminating; and

the operating system assuming control of the first partition of the system
hardware resources.

27. (currently amended) A system comprising: 

a computer-readable medium encoded with instructions that implement a 
resident operating system and one or more customized execution environments, each 
customized execution environment providing an execution environment for a single 
application, and exclusively managing a subset of hardware resources of a computer 
system, with no operating system abstractions or interfaces interposed between the 
customized execution environment and the subset of hardware resources; 

one or more storage devices having stored thereon software images of a
resident operating system and customized control environment and services associated
with one or more custom execution environments (CE²);

one or more processors, coupled to the one or more storage devices, to that
execute the resident operating system and the customized control environment and
services, where:

a determination is made with respect to which portion, if any, of hardware
resources of the system, including the one or more processors and memory of the system,
are to remain under control of the resident operating system and which portion of the
hardware resources are to be placed under control of the one or more customized
execution environments CE²s; and

the hardware resources are partitioned among the resident operating
system and the one or more customized execution environments CE²s by associating one
or more portions of the hardware resources with the one or more customized execution
environments CE²s.

28. (currently amended) A server comprising: 

a computer-readable medium encoded with instructions that implement a 
resident operating system and one or more concurrent customized execution 
environments, each customized execution environment providing an execution 
environment for a single application, and exclusively managing a subset of hardware 
resources of a computer system, with no operating system abstractions or interfaces 
interposed between the customized execution environment and the subset of hardware 
resources, the resident operating system capable of establishing a first partition of 
hardware resources for use and control by the operating system and a second partition of 
hardware resources for use and control by the concurrent customized execution 
environments; 

one or more storage devices having stored thereon software images of an 
operating system and customized control environment and services associated with a 
concurrent custom execution environment (C²E²), the operating system capable of
establishing a first partition of system resources for use and control by the operating
system and a second partition of system resources for use and control by the C²E²;

one or more processors, coupled to the one or more storage devices
computer-readable medium, to that execute the resident operating system and the
customized control environment and services, where:



a first portion of the one or more storage devices, a first portion of the one 
or more processors, a first portion of memory, and a first portion of one or more 
input/output (I/O) devices are associated with the first partition by the operating system; 

a second portion of the one or more storage devices, a second portion of 
the one or more processors, a second portion of the memory, and a second portion of the 
one or more input/output (I/O) devices are associated with the second partition by the 
resident operating system; 

the first partition is isolated to protect the system hardware resources
associated with the resident operating system from the concurrent custom execution
environment C²E² by employing hardware-based security measures; and

full control of the second partition is surrendered to the concurrent custom 
execution environment C²E² by the resident operating system initializing and invoking
the customized control environment and services in the second portion of memory. 

29. (currently amended) The server of claim 28, wherein the second partition is 
isolated to protect the system hardware resources associated with the concurrent custom
execution environment C²E² from the resident operating system by employing
hardware-based security measures.

30. (original) The server of claim 28, wherein the customized control environment 
and services are non-portable. 

31. (original) The server of claim 28, wherein the first partition includes at least one 
processor. 

32. (original) The server of claim 28, wherein the second partition includes at least 
one processor.

33. (original) The server of claim 28, wherein the one or more storage devices have
stored thereon a software image of a customized application for which a computational
structure of the customized control environment and services has been tuned.

34. (original) The server of claim 33, wherein the customized application comprises a 
web edge engine. 

35. (original) The server of claim 34, wherein the web edge engine comprises a web 
server. 

36. (original) The server of claim 34, wherein the web edge engine comprises an 
application server. 

37. (original) The server of claim 34, wherein the web edge engine comprises a 
communication server. 

38. (original) The server of claim 28, wherein a communication channel is maintained 
between the first partition and the second partition, and wherein a dynamic content 
generator executes within the first partition and provides dynamic content to the web 
server via the communication channel. 

39. (original) The server of claim 28, wherein the hardware-based security measures 
comprise use of one or more of region identifiers, protection identifiers, and memory 
page access rights values. 

40. (currently amended) An operating system comprising: 

a means for partitioning system hardware resources into at least a first
partition to remain under the control of the operating system, which executes within a
computer system, and a second partition that is to be placed under the full control of a
concurrent custom execution environment the concurrent customized execution
environment providing an execution environment for a single application, and
exclusively managing a subset of hardware resources of the computer system, with no
operating system abstractions or interfaces interposed between the customized execution
environment and the subset of hardware resources;

an interface means to hardware-based isolation features for protecting the
system hardware resources of the first partition against access by the concurrent custom
execution environment

a means for transferring full control of the system hardware resources of
the second partition to the concurrent custom execution environment C²E², including
initializing and invoking customized control and services associated with the concurrent
custom execution environment C²E²; and

a means for providing communication between the first partition and the 
second partition. 

41. (currently amended) The operating system of claim 40, further comprising a 
means for reincorporating partitioned system hardware resources. 

42. (currently amended) The operating system of claim 40, further comprising: 

separate means for operator control of the operating system and the 
concurrent custom execution environment C²E²; and

separate interface means for monitoring the operating system and the concurrent
custom execution environment C²E².

43. (currently amended) An operating system comprising: 

a means for communicating with one or more concurrent custom 
execution environments (C²E²s) operating within and controlling respective
hardware-enforced partitions of a system hardware resources separate from a hardware-enforced
partition of system hardware resources in which the operating system resides, the
concurrent customized execution environment providing an execution environment for a
single application, and exclusively managing a subset of hardware resources of a
computer system, with no operating system abstractions or interfaces interposed between
the customized execution environment and the subset of hardware resources; and

a means for causing a concurrent custom execution environment C²E² of
the one or more concurrent custom execution environment C²E² to begin processing or to
terminate.



